As you may be aware, there has been a cyber security incident involving unauthorised access to some ManageMyHealth (MMH) data. MMH is a third-party patient portal system that integrates with our Practice Management System and has provided a high level of value for patients and staff alike for approximately 10 years. We are therefore extremely disappointed and concerned that such an incident has occurred.
We have been advised by MMH that the incident relates to documents under a specific function within MMH called Health Documents. We don't use or generally promote the Health Documents function as it is not part of how we use the platform, however MMH have advised that this function contained the following documents:
- Hospital discharge documents from Northland Hospital
- Some specialist referral letters between 2017 and 2019
- Documents that users uploaded themselves to the ‘My Documents' module
The connections between our systems and MMH were not affected and none of the data which we have received and hold directly (such as consultation notes and messages) are part of this incident.
MMH have advised us that approximately 4% of our current patients have been affected in some way. This includes situations where patients were not a patient with us when the data was added to MMH, as a MMH account sits independent of a patient's practice enrolment.
For those patients affected, MMH will be contacting you directly as they are the responsible holder for this information. These notifications are currently underway. These notifications will provide details of how more information and support can be accessed., including the 0800 number to contact MMH directly.
We are aware that some patients who have been notified as being affected are having some issues, including:
- Difficulty accessing the MMH system,
- Conflicting messages about whether they are affected or not, and
- Difficulty accessing or reconciling the documents they are being advised are affected.
As this incident includes information that was not part of our system, we unfortunately can't provide any more detail about specific documents. Please ensure that you are logging in via the website (rather than the app), otherwise please contact MMH via the 0800 number or email and they will come back to you as soon as they can.
MMH have also released a FAQ at https://managemyhealth.co.nz/faqs-cyber-breach/ to provide more information. We also understand that an 0800 number will be available soon, however we have not been given this information yet. You can contact ManageMyHealth directly via info@managemyhealth.co.nz in the meantime.
At this stage we are continuing to have the MMH system available, as many of our patients rely upon this to interact with us regarding their healthcare. We have been advised that the MMH system has been confirmed to be safe by external international experts and Health NZ., as the part of the system we use was not affected and the flaw that enabled this incident has been resolved.
However, if you would like to close your MMH account, then you can do so by signing into the MMH website, going to My Account and selecting option Close Account. Your information will be deleted from the platform once your account is closed. Please note that closing your account will make it more difficult for you to be notified about the impact of the incident and for you to access the affected documents, so given that the platform has now been secured we don't necessarily recommend this at this time. It does remain your personal decision as to whether to do this or not.
We acknowledge the distress that this incident has caused for many patients and we share your concerns. We expect the next step to be an alert from MMH to affected patients (if not already received), however we are continuing to update the alert page on our website everyday with any relevant information specific to our practices.
Updated 1.09pm, 9 January 2026
